The Information Commissioner's Office (ICO) would have the power to fine organisations up to £500,000 for serious breaches of data protection principles under plans announced this week by the Ministry of Justice.
The consultation, Civil monetary penalties - setting the maximum penalty, asks just one question: whether the …

Hanging's Too Good For 'Em

"we consider it desirable that the maximum amount of the penalty should not be higher than the equivalent of 10% of the highest annual turnover of a small company."

Small company.. 10%.. what now? How is that in any way relevant to a Government department losing half a million drivers' details / patients' records / pay details for undercover police / addresses of army staff / etc.

Oh it's not meant to be.. because the Government knows it's more than likely it will fall foul of this law several times and doesn't want to sting itself with massive fines. There shouldn't be a cap on the amount and the fine itself should get put into a charitable causes pot.

So I guess the proceeds from any fine would go into the exchequer.

In which case, when the gubmint gets its fines (this is sure to happen, right?), this money would come from the exchequer and go... back in the same pot?

Or maybe, it should go back to us taxpayers as a rebate? Stop laughing at the back...

What is ACTUALLY required, IMHO, are criminal sanctions against the individuals concerned, and not just the lowly scapegoats who get the blame for data leaks, but their superiors who put them in a position to leak the data and, through negligence, allow it to happen. I would dearly love to see those senior civil servants and government ministers serving time for their wilful disregard for the privacy and rights of us minions, er.. sorry, voters. Same goes for those in big business who think that profits are more important than the rights of their customers. God forbid that there would ever be any cross-over between these two groups, of course...

Seems fair

So if some company keeps a record of my preference in chocolate (or something equally harmless) it may be fined half a million pounds. But if the police arrest me on a trumped-up charge, they can take and keep my DNA (probably the most important and critical personal data I have) more or less indefinitely.

By the way, if any MOP (member of the public) chooses to ring up the police (anonymously if they prefer) and accuse me of assaulting someone, odds are the police officer who deals with the call will begin by arresting me - before doing anything else, such as finding out the facts.

Why a maximum fine?

Why not set a fixed 'per item' fine based on the severity of the data leaked? That way, losing 20 meaningless items of data on 20 people can be differentiated from losing the entire country's medical records, for example.